AI and Data Protection: Is AI in Compliance with Data Protection?
Pia Heßler8/21/2023
In this article, you will learn what you need to pay attention to in terms of data protection when using AI-supported systems, and which systems will help you with that!
Table of contents
- What is AI?
- AI belongs to computer science and consists of two parts: a hardware component and a
- Artificial intelligence sounds like modern stuff to you? In fact, AI has been part of our private and professional environment for many years.
- Personal data must always be processed in compliance with the GDPR.
- This refers to issues such as data protection, data quality, intellectual property, transparency, liability and risk management, human review, employee training, ethical considerations, coding and plug-ins (the
- On OMR Reviews you can find many helpful tools in the categories
- AI Text Generator
- Fazit: Je sensibler die Daten, desto umfangreicher die rechtlichen Vorgaben
Since May 25, 2018, the European General Data Protection Regulation (GDPR) has been annoying data collectors. This means, companies and their data protection officers have to deal with the compatibility between AI and data protection, like it or not. In this article, you will learn what companies need to consider from a legal perspective when using AI.
What is AI?
There is (still) no universal definition for Artificial Intelligence (AI).In principle, computer systems simulate human intelligence using artificial intelligence. This means that machines process information, identify patterns, and make decisions independently. In short: AI is supposed to give computers the necessary intelligence with which they can independently process tasks and solve problems.The
European Parliament describes AI as follows: "Artificial Intelligence is the ability of a machine to imitate human abilities such as logical thinking, learning, planning, and creativity.
AI enables technical systems to perceive their environment, deal with what they perceive, and solve problems to achieve a specific goal. The computer receives data (which has already been prepared or collected via its own sensors, for example a camera), processes them and reacts.
AI systems are able to adjust their actions by analysing the consequences of previous actions and working autonomously."
How do AI-supported systems work?
Empfehlenswerte Datenschutz Management Software
Auf unserer Vergleichsplattform OMR Reviews findest du weitere empfehlenswerte Datenschutz-Software. Wir präsentieren mehr als 40 Tool, die den Schutz von persönlichen Daten für eine digitale Privatsphäre gewährleisten. Datenschutzmanagement-Software bietet umfassende Unterstützung in allen Aspekten des Datenschutzmanagements. Nutze diese Gelegenheit, um die verschiedenen Softwarelösungen zu vergleichen und dabei auf authentische und verifizierte Nutzerbewertungen zurückzugreifen:
AI belongs to computer science and consists of two parts: a hardware component and a
When programming artificial intelligence, three essential things are in focus: learning, developing logical thinking, and self-correction.
Learning:
- Collection of data, creation of rules (algorithms) for dealing with information from data, creation of concrete step-by-step instructionsLogic:
- Selection of algorithmsSelf-correction:
- Continuous adjustment of algorithmsSubareas of AI
Some terms keep coming up when it comes to AI. They are mistakenly used synonymously, but the technologies are different.
Natural Language Processing (NLP):
- This refers to the understanding, interpreting, and generating ofhuman language. It's about the ability to analyze context. NLP is used in speech recognition, automated translation, and chatbots.Neural networks:
- Artificially interconnected neurons form so-called neural networks. The neurons process information and pass it on to each other until the result is correct. This principle is used in theImage recognition.Machine Learning:
- The subsymbolic AI has no rules. Instead, the algorithm triggers mathematical processes. Until the correct result occurs. The artificial intelligence learns during the result search. Companies often useMachine Learning for their process automation.Deep Learning:
- Deep Learning belongs to Machine Learning. Here, the artificial neural network consists of at least five layers (Deep Neural Network). Thus, large amounts of data can be processed and analyzed. The machine learns automatically how to perform a task.Knowledge Presentation:
- It is about making information understandable and accessible for the computer. Knowledge Presentation is used, among other things, in data integration, online search queries, or in the automation of decision-making processes.Examples: Functions and areas where we already use AI
Artificial intelligence sounds like modern stuff to you? In fact, AI has been part of our private and professional environment for many years.
AI in everyday life
Even before ChatGPT, AI was being used in our everyday life - albeit unknowingly.
A few of many examples are:
Voice Assistants (e.g., Alexa)
- Smarthome (e.g., adjust light and temperature)
- Display in Social Media Feed and Ads (e.g., Facebook)
- Language Translation (e.g., DeepL)
- Image Editing (e.g., AI functions in Canva)
- Diagnoses by Medical Devices (e.g., Ada)
- AI in the professional environment
In various industries, companies automate their processes with intelligent systems. You usually encounter them in the form of
Conversational AI – or as you probably perceive them: Chatbots.Typical areas of application for this are:
Customer Service (e.g.,
- Purchase Advice Sinch EngageCost Determination and Risk Assessment
- Content Creation (e.g.,
- Buyer Journey (e.g.,
- Employee Surveys OpenAI ChatGPTWhat you should consider from a data protection point of view when using AI-supported systems
- AI-supported systems undergo real training sessions and continue to learn throughout their "lives". SAP Commerce CloudCompanies should bear in mind two basic things:
- Bad inputs (information from the internet) result in bad outputs (AI-generated content).
Personal data must always be processed in compliance with the GDPR.
Are there legal regulations when using AI?
If you process personal data with an AI-supported system, you must observe some regulations with regard to data protection. In this article we cannot cover all the regulations that may apply to you or your company, so please consider the following list as a rough overview.
- Data protection responsibility
- By using an AI-supported system, you are usually considered to be responsible for data protection. In most cases, the data is processed on the server of the providers of your AI-supported system. Providers are in this case order processors and process the data on your behalf. Then it is your task to conclude a data processing agreement and check whether they can fulfil the resulting obligations.
is a data protection software with which you can check to what extent AI violates applicable law.
That's great. It gets more complicated due to the further development of AI-supported systems. Some data protectors criticize the vague legal situation for the use of personal data during the "training". This is problematic, among other things, with regard to copyright-protected data. Critical voices suggest companies to deny the use of their collected data for safety reasons or to revert to an opt-out option - as you may know it from commercial use of ChatGPT.
Legal basis for data processing
Companies are obliged to have a valid legal basis for data processing. Usually, this is simply the consent of the persons concerned. You should not rely on a legitimate interest here. heyData Information requirements and data subject rights
Companies must consider the information, access, objection, correction, deletion, restriction, and data portability rights of the data subjects.
Privacy by Design and Privacy by Default
Companies must effectively implement data protection principles like data minimization. This applies both during the use of an AI-supported system and prior to system development.
Data Protection Impact Assessment (DPIA)
In most cases, a data protection impact assessment is necessary before data processing begins. According to the German Data Protection Conference, it is necessary for the processing of personal data, interaction control and evaluation.
Technical and organizational measures (TOM)
Companies must initiate extensive technical and organizational measures to ensure confidentiality, availability, and integrity of data.
Data Protection Officers
Check carefully whether the naming of data protection officers is necessary due to your AI-supported data processing.
Do data protection risks arise from the use of AI?
The longer a technology has been on the market, the more concrete recommendations for action can be derived from court rulings. AI-supported systems are still relatively new, which simply lacks these experience values. This fact by principle poses a certain risk for companies. Therefore, you should by no means rely on your research. Have your individual use case approved by a data protection expert before you process sensitive data with AI-supported systems.
The fact that not everything has been clarified regarding data protection according to legislators is shown by our neighboring country Italy: The data protection authority recently imposed improvement measures on ChatGPT to enable the use of the AI text generator again.
What you should consider when using AI-supported systems
As you can see, there are many things to consider when using AI from a data protection perspective. If you
process personal data, use the following checklist and tick off imaginary checkmarks.
Responsible dealing:
This refers to issues such as data protection, data quality, intellectual property, transparency, liability and risk management, human review, employee training, ethical considerations, coding and plug-ins (the
IHK will help you).
- Data Protection Impact Assessment: Is it necessary?Data Processing Agreement: Is it necessary and does it meet the requirements of Art. 28, GDPR?
- EU/EEA area: Are a standard contractual clause and a transfer impact assessment necessary?
- Ban on exclusive and automated decision-making (according to Art. 22, par. 1, GDPR): Is an exception actually justified?
- Area of application of AIYou're doing yourself a favor by reducing the area of application of your AI-supported system with regard to sensitive data to a minimum. So think carefully,
- Which data should be collected.Which employees should work with it.
Which guidelines for the use of the tool can help you and your team.
Conclusion: You like it simple? Then do without personal data!
- All this sounds complicated and costly? You're wondering right now if an AI-supported system can take on enough work to have time for this GDPR compatibility check? Then simply exclude sensitive data. When processing, for example, you can leave out complete data sets or delete certain information from the document to be edited beforehand.
- Let's take a company presentation as an example. Remove all sensitive data before you let an AI-supported system translate the presentation.
- Which systems help you with the topics data protection and AI?
On OMR Reviews you can find many helpful tools in the categories
Data Protection Management
and
AI Text Generator
, which support you in the use of or with the help of artificial intelligence in your professional everyday life. Take a look right now. The filter functions and the verified user reviews will help you to find the perfect tool for your company.Currently most popular systems on OMR Reviews:Conclusion: The more sensitive the data, the more extensive the legal requirementsAs impressive as the world of artificial intelligence may be, we are still at the very beginning. We mustn't forget that in all the euphoria. From a technical and legal point of view! Especially in sensitive areas of business like the HR department, legal regulations can quickly lead to restrictions. Companies with work councils must consider not only data protection and labor law regulations, but also co-determination and participation rights (according to § 87, par. 1 and § 90, par. 1 Industrial Constitution Act). A general ban on AI-supported systems is currently unimaginable in Germany and Europe. As long as you always keep an eye on our applicable law and handle AI responsibly, nothing stands in the way of you and your new intelligent favorite tool.
Derzeit besonders beliebteste Systeme auf OMR Reviews:
heyData
Legally ok
NoSpamProxy
PrivacyBee
SAI360
consentmanager
neuroflash
OpenAI ChatGPT
Creaitor
Retresco Textengine
Conversionmaker.aiFazit: Je sensibler die Daten, desto umfangreicher die rechtlichen Vorgaben
So beeindruckend die Welt der künstlichen Intelligenz auch ist, noch stehen wir ganz am Anfang. Das dürfen wir in der ganzen Euphorie nicht vergessen. Aus technischer und rechtlicher Sicht! Besonders in sensiblen Unternehmensbereichen wie der Personalabteilung kann es durch rechtliche Vorgaben schnell zu Einschränkungen kommen. Unternehmen mit Betriebsräten müssen neben Datenschutz- und arbeitsrechtlichen Vorgaben beispielsweise auch das Mitbestimmungs- und Beteiligungsrecht (nach § 87, Abs. 1 und § 90, Abs. 1 BetrVG) berücksichtigen.
Ein generelles Verbot von KI-gestützten Systemen ist in Deutschland und Europa derzeit nicht vorstellbar. Solange du stets einen Blick auf unser geltendes Recht wirfst und einen verantwortungsbewussten Umgang mit der KI an den Tag legst, steht dir und deinem neuen intelligenten Lieblingstool nichts im Wege.
Author
Pia Heßler
Author
Pia Heßler
Pia war mehr als 10 Jahre im Vertrieb und Marketing verschiedenster Unternehmen aktiv. Danach gründete sie ihr eigenes Unternehmen und betreibt dieses zusammen mit ihrer Geschäftspartnerin.
